Facebook Was Breached: What To Do Now
If you use Facebook, your personal information may now be in the hands of cybercriminals. Read on to find out what happened, whether you were affected, and how you can protect your privacy on social media.
Earlier this month, the personal information of half a billion Facebook users was exposed on a hacking forum. The leak, which is connected to a 2019 breach, affected Facebook users in 196 countries, including 32 million users based in the US.
Although the information leaked -- Facebook IDs, full names, phone numbers, email addresses, locations, and birth dates -- is a few years old, it may still be valuable to cybercriminals that engage in identity theft.
Crucially, Facebook's response to the incident left much to be desired. However, this isn't the first time Facebook has failed to protect users' privacy. Who can forget the time Cambridge Analytica, a voter-profiling company, harvested data from millions of Facebook users' profiles? Or the other time when Facebook allowed Amazon, Netflix, and other tech companies to access users' private messages?
For a more comprehensive timeline of Facebook's privacy issues, check out this blog post by Guild. However, it's not just Facebook that doesn't seem to understand the concept of privacy.
Social media is fraught by privacy issues
Other social media platforms are just as bad as Facebook when it comes to data security.
Twitter, LinkedIn, TikTok, Instagram, and WhatsApp have had their fair share of privacy scandals. Besides, Instagram and WhatsApp are actually owned by Facebook.
Why do we continue using social media?
If people care about their privacy (and they do -- according to a recent study, almost 3 in 4 Americans are "extremely concerned" or "very concerned" about their privacy), why is social media use increasing every year?
In 2020, there were 3.6 billion social network users worldwide. This number is predicted to go up to 4.41 billion by 2025.
According to Dr. Ethan Plaut, lecturer in Communication at the University of Auckland, most people either don't know how to protect themselves or, worse, think they have nothing to hide.
Considering that your social media information can be used by hackers, government agencies, employers, advertisers, data brokers, and even facial recognition companies, this kind of thinking is dangerous.
What can you do?
Besides maintaining strong, unique passwords across different platforms, enabling two-factor authentication, and not clicking on any suspicious links, here's what else you can do to keep your information on social media secure:
Step 1: Check if your information has been compromised
To see if your information was exposed, go to Have I Been Pwned. The site is owned by Troy Hunt, Microsoft regional director and MVP for Developer Security, so you don't need to worry that the information you share (your email address/phone number) is going to be used for nefarious purposes.
If your information has been compromised, you may want to change your passwords, sift out old data, and make your accounts more private.
Step 2: Read the Privacy Policies and the Terms of Services
If you don't have the time to do so, at the very least, check out Terms of Service Didn't Read, a site that summarizes the terms of services for popular platforms and apps.
Step 3: Adjust your privacy settings
The default privacy settings on most social media networks tend to leave users sharing more personal information than they may be comfortable with. Here's where you can check your settings for Facebook, Twitter, Instagram, and LinkedIn. In particular, make sure you set your profiles to private.
Return to and adjust privacy settings regularly since updates can result in small but important changes.
Step 4: Be mindful of the things you share
Biographical details: Most social media platforms require that you share your biographical information when setting up your account, but you don't actually have to do so. Omit whatever isn't necessary (like where you went to school) and consider using false information for required fields, like an alias instead of your real name or a fake birth date.
Contact information: Use a separate email address for all your social media accounts. That way, even if you're compromised, cybercriminals won't have access to any important information.
Location: Sharing your location or publicizing your daily routine could leave you exposed to robbery, stalking, or trolling. Aside from you freely sharing this information with your friends and followers, cybercriminals and trolls may use metadata to see precisely where a photo was taken. For this reason, it's always a good idea to remove metadata from images before posting them online.
Answers to security questions: You're not the only one who loves Facebook quizzes. For scammers, answers to questions like the name of your first pet or the place you were born make it easier to break into your accounts.
Your face: The controversial facial recognition company Clearview AI built its database on scraped social media images and then sold the tool to law enforcement. To prevent your face from ending up on a facial recognition database, use Fawkes, a tool that "cloaks" your image to trick facial recognition systems.
Important: Whatever you post online may remain on the internet forever, whether through internet archive tools or someone else's screenshots.
Step 5: Don't accept people you don't know as friends
No one cares how many friends you have on Facebook. If you get a friend request from someone you don't know in real life, don't accept it.
Also, be wary of friend requests from people you've already accepted as friends. The second request may be a scammer trying to get access to your private profile and friends list.
Step 6: Don't log in to other websites with Facebook
If you use Facebook to log in to other websites, this could give cybercriminals access to all your other accounts in the event of a breach.
Step 7: Delete your social media
This is a nuclear option, but if you're really worried about your privacy, you could delete all your social media accounts.
However, note that even if you erase your social media presence, that doesn't mean that no one is going to track you. Facebook, for example, is well known for its "shadow accounts," information collected on non-users without their consent.